[Clamav-users] clamd reload - reloading logfile failed ?
Hi all,
I seem to be having some problem with clamd and logrotate. Logrotate
reloads clamd after rotating the logfile and creating a new one, but clamd
fails reload with the following :
Reloading log file:[FAILED]
It does the same if I try to manually reload clamd as well. A restart,
however, seems to work properly and logging continues.
Am I doing something wrong here? My logrotate file is as follows :
#
# Rotate Clam AV daemon log file
#
/var/log/clamav/clamd.log {
missingok
nocompress
create 640 clamav clamav
postrotate
/sbin/service clamd reload 2> /dev/null 2> /dev/null || true
endscript
}
--
Jason 'XenoPhage' Frisvold
xenopha...@gmail.com
http://blog.godshell.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] clamd reload - reloading logfile failed ?
On Dec 12, 2009, at 11:12 PM, Dennis Peterson wrote: > Just a guess but I think the user that clam runs as does not have permission > to > create a new file in /var/log/clamav after rotate has removed it. When clam > first starts it is often started as user root and then becomes the configured > user. As root it can create a log file on any local file system. If so a cure > is to have the postrotate touch a file and set appropriate permissions before > telling clamav to reload. I have "create 640 clamav clamav" in the logrotate script, so that should be creating the file and setting the appropriate permissions.. That, I thought, should be enough. But even if I run reload outside of logrotate, when the existing log file is still in place, I get the failed message as well. Thus my confusion. > dp -- Jason 'XenoPhage' Frisvold xenopha...@gmail.com http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd reload - reloading logfile failed ?
On Dec 13, 2009, at 1:41 PM, G.W. Haywood wrote:
> FWIW I use logrotate for just about everything that logs, with almost
> no trouble. I did recently have to upgrade from a very old version of
> logrotate on a very old Red Hat system, but I can't remember now what
> exactly it was doing (or not doing) that I didn't like. Something to
> do with messing up when I had complex command lines in the logrotate
> scripts themselves. What version of logrotate are you using?
Version 3.7.4, apparently. The version that ships with the latest RHEL 5.4
release.
> Incidentally I use syslog-ng for just about all logging, and I can't
> recommend it highly enough.
syslog-ng is on my list of things to look into .. Unfortunately, my list is ..
well.. large. :)
> I wonder if this 'reload' isn't doing quite what you think it's doing?
> Actually I don't think I understand the term 'reloading a log file'.
> (OTOH I do think I understand the terms 'reloading a database' and
> 'reopening a log file'. :) You haven't given us enough information to
> know what exactly is going on in this case. For example I'm assuming
> that you want clamd to write to the log file directly (as opposed to
> using the syslog facilities) but you could confirm that by letting us
> have sight of your clamd.conf and the command line which starts clamd.
> You can probably get the latter from 'ps'.
>From what I'm seeing, the init script merely sends a sighup to the process.
>The exact code is here :
reload() {
echo -n $"Reloading log file: "
killproc clamd -SIGHUP
RETVAL=$?
echo
return $RETVAL
}
As for clamd, the config (minus comments, whitespace, etc) is as follows :
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups no
ScanPE yes
ScanOLE2 yes
ScanMail yes
ScanHTML yes
ScanArchive yes
MaxFileSize 10M
MaxRecursion 5
MaxFiles 1000
So yes, I have clam writing directly to a log file, which I then want to rotate
on a regular basis.
> If you mean 'reload' as in 'give the reload command to clamd' then I
> think you're doing nothing that will tell clamd to close and reopen
> its log file. See the 'man' page for clamd.
The exact command is :
sudo /sbin/service clamd reload
Per the clamav docs (http://www.clamav.net/doc/latest/html/node26.html) :
Clamd can handle the following signals:
• SIGTERM - perform a clean exit
• SIGHUP - reopen the log file
• SIGUSR2 - reload the database
So a SIGHUP should cause the logfile to be re-opened. If i understand
correctly, if the logfile is moved, the file handles follow. However, a sighup
should cause the new logfile to be used, assuming it has the same
name/permissions as the original.
> Why not just make that something like 'restart' instead of 'reload'?
> Alternatively you might want to try something like
Restart is a possible path, though it takes longer than a reload, thus impeding
my scanning. I'm not opposed to it, I just want to make sure it's the correct
path before I head there. It seems that SIGHUP should do the job, but it's not.
> 73,
> Ged.
Thanks...
BTW.. 73? What's the significance?
--
Jason 'XenoPhage' Frisvold
xenopha...@gmail.com
http://blog.godshell.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav suddenly died on several boxes
On 4/11/07, Shane Wise <[EMAIL PROTECTED]> wrote: > I also saw this on two different servers yesterday...about 13 hours ago > actually...didn't catch it until this morningwould really like to > know whats going on.Had this happen two days ago on a different > server as well... Same here, three servers. Had this happen a few weeks ago on one of those servers, but I thought it was an isolated incident.. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
On 4/11/07, Brian Morrison <[EMAIL PROTECTED]> wrote: > I'd say that it is more dangerous to stop mail delivery due to failed > virus scanning than it is not to scan mail while clamd is unresponsive. But then the potential for virus infected email to get through is raised. While I realize that end-users *should* have virus scanners on their machines, the "comfort" factor knowing that the email server is scanning for virii makes them a tad complacent. Thus it's more likely that a user can be infected if they believe that no virus laden mail can reach them. So, instead, blocking mail until the virus scanner is back online is, imho, a better option. Of course, at that point you're relying on the SMTP capabilities of the senders... But on the upside, it stops spam from coming in for a while! :) > Brian Morrison > [EMAIL PROTECTED] -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav suddenly died on several boxes
On 4/11/07, James Kosin <[EMAIL PROTECTED]> wrote: > Well, > > Deleting the database directory and restarting freshclam to get the > databases again seems to have fixed the problem on both systems. > > This problem may be related to getting incremental updates and not > being able to update the .CVD database properly. This is the only > clue I can give. Agreed. Since my first email I've gone through and read the rest of the clamav mail for the night.. It looks like a new main.cvd released caused some congestion on servers. Coupled with a bug that caused retries to time out, this caused clamd to crash. It's working this morning, so I'm not too distraught over the problem.. :) > - -James -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamdmon.sh
On 4/11/07, Lyle Giese <[EMAIL PROTECTED]> wrote: > I am amazed at the number of people here that apparently not using > SOMETHING to monitor clamd. Esp. when the developers include a nice > script to check and restart clamd. I'm not sure it was a matter of not having clamd monitored, I think it was more of a notice that clamd failed and everyone is making sure that others on the list know.. I know I have all my services (clam, spam, smtp, pop3, imap, etc) monitored out of band. > Lyle -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
On 4/11/07, John Rudd <[EMAIL PROTECTED]> wrote: > Depends on what your goals are. > > For me, a reliable email system does not just mean "mail gets > delivered". It also means that "we reliably reject detectable viruses". > If we're letting viruses through because our pants are down (because > our AV tool has failed), then that's not a reliable email system. > That's a dysfunctional email system. Agreed... > better monitoring and notification: yes, good. Check out argus (http://argus.tcp4me.com) .. Works wonderfully for me. > It's like using condoms. Just because you run out of condoms doesn't > make unprotected sex suddenly "safe". Accepting email from the world > without your AV tool processing it is as irresponsible as having > unprotected sex with the entire world. Ugh.. Thanks.. I'm gonna have nightmares for weeks now.. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] daily.wmd trouble with 0.91rc1
On 6/2/07, Bill Landry <[EMAIL PROTECTED]> wrote: > Noel, I started seeing the same problem this evening with ClamAV > 0.90.3. I finally had to recompile with --disable-experimental and > everything has run fine here since. I wonder if you disable the > experimental sections in the clamd.conf file if that will have any > affect. Also, can you compile with experimental specifically disabled > (--disable-experimental)? I've had the problem on my machine as well. CentOS 5.0. I have it compiled with --disable-experimental, though from Tomasz' post, it seems that this has no effect on the anti-phishing code. Same symptoms too.. Worked fine till the freshclam update, then started crashing all over.. I've reverted back to 0.90.3 for the time being. > Good luck... > > Bill -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Handling Quarantined Virii
Hi all, How does everyone handle the clamav quarantine? I'm running clamav w/ qmail-scanner and every virus laden email gets put into the quarantine folder... Is it even worth it to quarantine at all? I did look through the archives, but I didn't see anything about this... So, if I overlooked something, I apologize. Thanks! -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
Re: [Clamav-users] Handling Quarantined Virii
On Fri, 2004-01-30 at 17:59, Eric Rostetter wrote: > I run a cron job that deletes any directory more than 2 weeks old. If Any directory older than 2 weeks? You have clamav quarantining into multiple directories? How? :) > they haven't claimed their files in 2 weeks, their more-or-less out of > luck (it's actually on the backup tapes after deletion, so it could be > recovered still...). Normally that is fine, except during a big out > break like now. Now I keep 2 days worth (which is about 0.5 GB to 1GB > per day for my site), manually deleting them daily. Once the outbreak > is over and the daily size drops back to about 20 MB rather than 1GB, > I'll go back letting the cron job do its work. I'm thinking about maybe using the tmpwatch system in redhat to do this.. just point it at the directory and let it take care of it... > > I'm running clamav w/ > > qmail-scanner and every virus laden email gets put into the quarantine > > folder... Is it even worth it to quarantine at all? > > Yes. I've had some false positives end up there. Like when the corrupt > zip code was first added I had some clean zip files get caught, etc. My > user's get a notice that their file is quarantined and how to ask for it, > so they can claim and false positives. Hrm... True... I guess it is worth it to keep it around for a bit... > -- > Eric Rostetter Thanks for the info! --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Handling Quarantined Virii
On Sun, 2004-02-01 at 19:28, Shawn Tayler wrote: > This brings up a side question. > > What does ClamAV do the files that it places in quarantine? Are they > modified in any way? They don't appear to be ... Other than the QmailScanner header being added > Shawn > > On Fri, 30 Jan 2004 17:03:05 -0500 Jason Frisvold <[EMAIL PROTECTED]> > exclaimed: > > > Hi all, > > > > How does everyone handle the clamav quarantine? I'm running clamav > > w/ > > qmail-scanner and every virus laden email gets put into the quarantine > > folder... Is it even worth it to quarantine at all? > > > > I did look through the archives, but I didn't see anything about > > this... So, if I overlooked something, I apologize. > > > > Thanks! > > > --- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
[Clamav-users] Freshclam and Daemontools
Hi all! Is there a way to set up Daemontools to monitor and run freshclam? Similar to how clamd is set up with daemontools? I want to ensure that freshclam never dies for no apparent reason... Thanks! -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
Re: [Clamav-users] Freshclam and Daemontools
On Wed, 2004-02-18 at 11:02, Odhiambo Washington wrote: > Why do I feel that that would be outrageous? Are you saying that "you > want freshclam permanently connected to the db servers"? How are you > looking at it? No, certainly not... I mean I want daemontools to monitor the freshclam daemon to ensure it's always running... Just like daemontools is used to monitor clamd, qmail, and other daemon capable programs. > cheers >- wash > +--+-+ > Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) | > . 1ere Etage, Loita Hse, Loita St., | > GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI | > GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 | > +-+--+ > "Oh My God! They killed init! You Bastards!" >--from a /. post > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
Re: [Clamav-users] Freshclam and Daemontools
On Wed, 2004-02-18 at 12:52, Peter Bonivart wrote: > Running it in daemon mode and monitoring that the daemon is still > running doesn't mean you're connected to the db servers at all time. > Where did you get that from? Agreed... I want to monitor the process itself, not keep it connected to the DB servers all the time.. > But it does seem strange that Jason is afraid of the daemon stopping and > want to monitor that, why not just run it from crontab? What's the > benefit of running the daemon? Why use daemontools to keep qmail or clamd running? There's always that off chance that something might cause the daemon to die unexpectedly... An obscure bug perhaps... And if it happens, I want to ensure that the daemon is brought back up automatically. At least, I *thought* that's what daemontools was for... Am I mistaken? (I'm rather new to daemontools) -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
RE: [Clamav-users] Freshclam and Daemontools
Because I like the way I can control qmail and clamd via daemontools...
And freshclam stopping is, to me, a major issue. If it stops and I'm unaware that it
has stopped, then I run the risk of missing a vital virus definition update...
If noone else has implemented this, then I'll just read a lot and figure it out on my
own ... I'll post my results to the list when I have some... I attempted this
already, but all I got for my troubles was a large number of freshclam instances
running at once... *doh!*
Thanks!
-Original Message-
From: Peter Bonivart [mailto:[EMAIL PROTECTED]
Sent: Wed 2/18/2004 4:11 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [Clamav-users] Freshclam and Daemontools
Jason Frisvold wrote:
> Why use daemontools to keep qmail or clamd running? There's always that
> off chance that something might cause the daemon to die unexpectedly...
> An obscure bug perhaps... And if it happens, I want to ensure that the
> daemon is brought back up automatically. At least, I *thought* that's
> what daemontools was for... Am I mistaken? (I'm rather new to
> daemontools)
No, in your original post you wrote about using daemontools for the
freshclam daemon. I understand perfectly that you want to be sure qmail
and clamd are running, but freshclam? It has been known to stop and why
implement another system to keep it running when you can run it from
crontab? Just don't run it at 0 minutes like everyone else. ;-)
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
׊Ë)¢{(ç[É*^yÔj»X¢êË{±šl6Œº)]jw]z™hÉi±g›±êï‰Ç~ŠË{±Â+aiúÞx5C²‡íÁÞ+_®‰ˆÀ‰É
£m¶ŸÿiÛ(±ÙÜoÚv'ußš–Z
‰ÝøßÊ)rXœ)Z™«î±ê쥊x%ŠËB•©š¾ë
®Éb²Û,¢êÜyú+éÞm¦Ïÿ–+-²Ê.Ç¢¸
ë–+-³ùb²Ø~Ü©š¾ë
®
Re: [Clamav-users] Freshclam and Daemontools
On Thu, 2004-02-19 at 00:37, Sancho2k.net Lists wrote: > The closest I could come is to getting a zombied instance of freshclam > :( Here's the run script I used: Same here... I believe it's because freshclam forks itself into the background to daemonize... Which I don't believe is a bad thing, but kinda breaks the ability to get it to work with daemontools. Fghack is just that.. a hack ... *sigh* > I threw fghack in since there is no way to prevent freshclam from > backgrounding. And it works the same with/without the envuidgid bit. But > this is the result: > > root 25985 0.0 0.128 272 p0 S+10:28PM0:00.00 fghack > freshclam -d -c 4 --stdout > _clamd6122 0.0 0.1 144 624 ?? Ss10:28PM0:00.01 > freshclam -d -c 4 --stdout > _clamd 30432 0.0 0.0 0 0 p0 ZW+ - 0:00.00 > (freshclam) > > True, running the job periodically from cron works for the purpose. But > it is nice to have the manageability and control of daemontools for > these things. I agree... Oh well. I'll just leave it as-is... > DS > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
Re: [Clamav-users] Freshclam and Daemontools
On Thu, 2004-02-19 at 11:17, Thomas Lamy wrote: > First: Please _dont_ top-post... Sorry.. Outlook via web *REALLY* sucks... All I had available at the time though... > From my personal experience freshclam is _very_ stable, and doesn't > need to run through daemontools. Also you can always run it through cron > if you distrust it's daemon capabilities... Not insomuch distrust, I just like using daemontools to ensure the daemon is running, and have the config files control all the details... > Thomas > > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Engineer - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] signature.asc Description: This is a digitally signed message part
RE: [Clamav-users] configuring dazuko
> -Original Message- > From: Tomasz Kojm [mailto:[EMAIL PROTECTED] > > > Currently on-access scanning in clamd is very buggy and should not be > used but it's in my TODO to fix it before 0.80. Can someone explain the on-access scanning bit to me? I'm not sure I understand what dazuko is and how to use it... Off-list is fine, although I'm sure others may have questions too... :) > -- >oo. Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg > \..._ 0DCA5A08407D5288279DB43454822DC8985A444B >//\ /\ Wed Sep 22 20:28:11 CEST 2004 -- Jason Frisvold Penteledata --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] RE: configuring dazuko
> -Original Message- > From: Knut Hildebrandt [mailto:[EMAIL PROTECTED] > On-access scanning means that files are being scanned each > time you touch > them, i.e. perform copy, open, save operations. H+BDV wrote a > kernel module > to provide this functionality, the so called dazuko (German for > DAteiZUgriffsKOntrolle). It interacts with their AvGuard and > thus files are > virus checked each time they are being accessed. Somehow I > suppose this > should work in a similar way with clamd and clamuko. Ah... Uhh.. Wow... Wouldn't that cause a HUGE amount of overhead? Esp on a server? > knut > -- > -- Jason Frisvold Penteledata --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] RE: configuring dazuko
> -Original Message- > From: Todd Lyons [mailto:[EMAIL PROTECTED] > > > Yes it would, but if it prevents viruses from getting onto > desktops, it > has served its purpose. Note that this mode of on-access scanning > doesn't seem to be so much intended for mail servers. Instead its > usefulness really stands out on a file server running samba. Good point.. I'll have to look into this.. Might be worth it for our fileserver... > Compare to Sophos's icheckd daemon. I'll take a look ... Never heard of it though.. :) > -- > Regards...Todd -- Jason Frisvold Penteledata --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] thank you
> -Original Message- > From: Vernon A. Fort [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] thank you > > > I concur!! I did have problem with keeping freshclam and > clamd running > on previous version but with the release of .80, all process have > continue to run flawlessly on 60+ servers. Flexible, efficient and > hassle-free virus scanning - the way it should BE! Agreed! .80 is very nice... Keep up the great work! > My hats off to the ClamAV team! I'm not wearing a hat.. :( > Vernon ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Clamav and the CR Vulnerability
Hi all, I decided to run all of the tests located at testvirus.org against my mail server. As expected, tests 24 and 25 got through, no surprise there. However, test 17 also made it through. This test is described as follows : Test #17: Eicar virus hidden using the "CR Vulnerability" (attachment can be opened by all versions of Microsoft Outlook and Outlook Express) So, my question goes something like this... Should clamav have caught this test? Running the same test from Declude, it was blocked. I'm not 100% sure what this vulnerability is, or how it works, but I'm a little concerned that this was not blocked. Can anyone give me a little insight into this? Thanks! -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Clamav and the CR Vulnerability
> -Original Message- > From: Ken Jones [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] Clamav and the CR Vulnerability > > > I sent it to my server as well, and it was caught. Clamav 80. Did you just do this? I tried looking at the source of the email I received and I don't see an eicar test signature anywhere... Where would this be located in the raw email source? > What os are you using, how did you get / build / install clam ? RHES 3.0, ClamAV 0.80, Simscan (latest CVS)... I download the .tar.gz file from the clamav website and roll it into an RPM. Specifically, the configure line looks like this (copied from config.log): ./configure --host=i686-redhat-linux-gnu \ --build=i686-redhat-linux-gnu \ --target=i386-redhat-linux \ --program-prefix= \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib \ --libexecdir=/usr/libexec \ --localstatedir=/var \ --sharedstatedir=/usr/com \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --program-prefix= \ --disable-clamav \ --enable-id-check \ --with-tcpwrappers \ --with-user=clamav \ --with-group=clamav \ --with-dbdir=/var/lib/clamav > -- > Ken Jones > [EMAIL PROTECTED] -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Clamav and the CR Vulnerability
> -Original Message- > From: Nigel Horne [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] Clamav and the CR Vulnerability > > It was blocked by my set up. Maybe qmail-scanner is the > problem, try using clamav's internal scanner. I'm not running qmail-scanner, I'm running simscan. Either way, the email that comes in doesn't appear to have this vulnerability in it.. At least, the email source that I receive in my inbox doesn't have the eicar string in it (that I've been able to detect) and hand-scanning via clamscan results in a clean email... The declude version was blocked, so I'm going to make a guess that maybe virustest.org's version is broken? > -Nigel > -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Clamav and the CR Vulnerability
> -Original Message- > From: Simon Burr [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] Clamav and the CR Vulnerability > > Interesting; I've just tested the email www.testvirus.org > sends out for > test #17 and I've found that ClamAV detects the Eicar virus > via both the > home-grown utility I've written (postfix content filter, > deals with MIME et al > to give ClamAV the individual files) and if I use clamscan on > the email text > which appears in my inbox. Looks like something is stripping the virus out before it ever hit clamav.. However, I did get a copy with the virus in it, and clamscan doesn't detect it... I'm not sure why though ... [EMAIL PROTECTED] cur]# clamscan --mail 1099939661.22577.jake.emcyber.com\,S\=1306\:2\,S 1099939661.22577.jake.emcyber.com,S=1306:2,S: OK --- SCAN SUMMARY --- Known viruses: 26367 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.397 sec (0 m 0 s) Is there some dependency I may be missing? > I'm using ClamAV 0.80 for this. I'm using clamav 0.80 as well.. [EMAIL PROTECTED] cur]# clamscan -V ClamAV 0.80/578/Mon Nov 8 09:26:49 2004 > -- > Simon the stressedhttp://www.bpfh.net/ Thanks, -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Clamav and the CR Vulnerability
> -Original Message- > From: Tomasz Kojm [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] Clamav and the CR Vulnerability > > > In 0.80 --mbox is enabled by default, and --no-mail disables it. > There's no --mail switch, though. I thought it was --mbox, but there was no --mbox switch listed in the docs. I saw --no-mail, so I figured I'd five --mail a shot.. Clamav didn't complain, so I didn't think much of it... Either way, I need to figure out what's going on here... *sigh* > -- >oo. Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg > \..._ 0DCA5A08407D5288279DB43454822DC8985A444B > //\ /\ Tue Nov 9 06:33:43 CET 2004 > -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Amazon gift certs being blocked..
> -Original Message- > From: Natter [mailto:[EMAIL PROTECTED] > Subject: [Clamav-users] Amazon gift certs being blocked.. > > > I can't seem to find out what part of qmailscanner or > Clam is blocking these. I have > debian/qmail/vpopmail/qmailscanner/clam. That error looks like a stock qmail-scanner mime-block error. I don't believe clamav will return a disallowed content message... I'm very distrustful of qmail-scanner's mime blocking, so I've moved on to simscan.. The speed alone is wonderful... :) > I've google'd and google'd and I can't find the answer > to this. Thanks for any help. - Eric > > -- > A problem was found in an Email message sent to you. > > The Virus email scanner intercepted it and stopped the > entire message > before it reached you. No further action is required > on your part. > > This is a normal message and should not be cause for > alarm. Please do not > > contact Support to tell them that you received it. > Thank you. > > > The problem was reported to be: > > Disallowed content found in MIME attachment - > potential virus > > Please contact WisperTel Support with any queries > regarding this policy. > > > The message sent to you had the following envelope: > -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Amazon gift certs being blocked..
> -Original Message- > From: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] Amazon gift certs being blocked.. > > > --- Jason Frisvold <[EMAIL PROTECTED]> wrote: > > "I'm very distrustful of qmail-scanner's mime > blocking, so I've moved on > to simscan.. The speed alone is wonderful... :)" > - Thanks for the tip, I'll look into simscan. For the record, I don't mean to bash qmail-scanner.. I've used it for years... I just don't like the mime stuff... -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Virus Name
Hi all, There is an article on zdnet regarding a new type of trojan that uses an ISP's mailserver to send spam. I'm not at all interested in getting into a discussion regarding this.. What I am interested in is to know if anyone has seen this in the wild, and whether or not ClamAV currently has a signature for it. Unfortunately, the article does not detail how this Trojan is installed onto the users system. However, mail seems to be one of the most prevalent methods, so I'm guessing it will come in that way... So, anyone know if this is blocked by Clam yet, and if so, the name? For those interested, that article is located here : http://news.zdnet.com/2100-1009_22-5560664.html Thanks! -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Virus Name
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Randal, Phil > Subject: RE: [Clamav-users] Virus Name > > > Look at the thread on > http://news.gmane.org/gmane.comp.security.virus.clamav.user entitled > "RAR Module Failure". ClamAV supports RAR 2 and not RAR 3 format > archives. Uhh... Am I missing something? What does this have to do with the message I posted regarding the new Zombies? > Cheers, > > Phil > > > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Jason Frisvold > > Subject: [Clamav-users] Virus Name > > > > Hi all, > > > > There is an article on zdnet regarding a new type of > > trojan that uses an ISP's mailserver to send spam. I'm not > > at all interested in getting into a discussion regarding > > this.. What I am interested in is to know if anyone has seen > > this in the wild, and whether or not ClamAV currently has a > > signature for it. Unfortunately, the article does not detail > > how this Trojan is installed onto the users system. However, > > mail seems to be one of the most prevalent methods, so I'm > > guessing it will come in that way... > > > > So, anyone know if this is blocked by Clam yet, and if > > so, the name? > > > > For those interested, that article is located here : > > http://news.zdnet.com/2100-1009_22-5560664.html > > > > Thanks! > > > > -- > > Jason Frisvold > > Penteledata -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Virus Name
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Brian Morrison > Subject: Re: [Clamav-users] Virus Name > > > Seems like any other sort of trojan to me, I can't see why > the signature > would be different because the zombie is using the ISP's smarthost for > outgoing mail. Of course ClamAV will be able to detect such a thing... Wow.. I guess I was *really* unclear.. Lemme try again... The article suggests that this virus/trojan is already in the wild. Does anyone know which one the article is talking about? And does ClamAV already have a signature for it? > Well once such a Trojan appears and is reported to the ClamAV > team it's > signature will be added if it proves to be new, and ClamAV will detect > it if the payload is already recognised. Agreed.. I'm trying to find out if this has been reported already ... > It seems to me that this is almost a non-story, after all > some ISPs are > now blocking all mail from some other continents/countries, > so all mail > is blocked. That in some ways is far more concerning than a slight > change of tactics by the spam/trojan creators. Agreed. And I want to prevent having to do something of that sort. But as far as my email is concerned, I was trying to keep it on-topic. If this trojan were to be widespread, then RBL's could become virtually non-effective. Or, the RBL's could start putting legitimate hosts in the list. If that were to happen, that would be far more damaging... I'm trying to take a pro-active stance and beat them to the punchline. Many of the changes I've already put into effect, and others that are on the list to be done soon, were done to prevent scenarios such as this. I knew it was just a matter of time. That time is, apparently, now. > -- > > Brian Morrison My apologies for not being clear in the first place. -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: AW: [Clamav-users] M$ preparing AV software ?
> -Original Message- > From: Steffen Heil [mailto:[EMAIL PROTECTED] > Subject: AW: AW: [Clamav-users] M$ preparing AV software ? > > > Hi > > > Is that somehow good for the world as a whole? > > I also never claimed that microsoft would do good for the world. > (Even though I don't know anyone besides Bill Gates, who > gifted 500.000.000$ > for wellfare at once.) Some would argue that welfare is not good for the world... :P > Regards, > Steffen I think this has drifted way off topic at this point... :) -- Jason Frisvold ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] installing clamav on Redhat EL3
> -Original Message- > From: Chris Conn [mailto:[EMAIL PROTECTED] > Subject: Re: [Clamav-users] installing clamav on Redhat EL3 > > Sylvain Bouchet wrote: > > Hi, > > > > I want to install clamav on a server running RedHat > Enterprise Linux 3 > > Red Hat Enterprise Linux ES release 3 (Taroon Update 4) > > Kernel 2.4.21-20.0.1.EL on an i686 > > > > or another rpm package ? I have RPMs and SRPMs for 0.83 available here : http://www.godshell.com/toaster Enjoy. -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] No announcement of 0.83 on clamav-announce ML
> -Original Message- > From: Hal Goldfarb [mailto:[EMAIL PROTECTED] > Subject: [Clamav-users] No announcement of 0.83 on clamav-announce ML > > I am trying to play by the rules, honest. Can you instruct > me on how to > properly be informed of clamav code updates? I also think > RPM binaries > should be made available before an official release. There > are probably a > lot of people out there who are not CVS and/or build savvy, > but want to > support you all in your efforts to provide the world with a > free and open > anti-virus tool. I've been rolling my own RPM's for a while now.. I try to keep the latest one available via my toaster site.. I'm sure I can open this up a bit and set up a clamav RPM site if necessary.. http://www.godshell.com/toaster > Just my two bits. > > Thanks > Hal > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > -- Jason Frisvold Penteledata ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Virtual Sites
On 5/5/05, Josh Ansbridge Rutland ICT <[EMAIL PROTECTED]> wrote: > Hello, > > Am currently looking into integrating clamav with the openwebmail project and > have been asked to find out if it is possible to install the clamav on > different / selected virtual sites eg. one of 3 virtual sites would be > unprotected until protection is requested. If it is possible then how would I > go about implementing the system? Hrm... This sounds more like a mail-server issue... I use qmail with simscan here and I can tell the system which domains get virus scanning, and which don't > Thank you for your assistance > > Josh Ansbridge -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] ClamAV 0.85 and RAR 3
Hi all, Just a quick question. I didn't see RAR 3 support highlighted in the release notes, but I know that it was mentioned that RAR 3 support is in CVS. Can I assume that this support is not yet ready, and thus not in 0.85? Thanks! -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.85 and RAR 3
On 5/12/05, Trog <[EMAIL PROTECTED]> wrote: > The 0.8x versions are predominantly bug fix releases. > > As the RAR code has been completely re-written (including RAR version 1 > and 2 support), it is currently scheduled for the 0.90 release, which > will have a longer testing period due to the new features it is getting. Excellent! I'm looking forward to this... I thought that RAR 3 support wasn't in there due to licensing restrictions. Were those restrictions removed? > -trog -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to 0.85 or wait for 0.86
On 5/12/05, Phil Schilling <[EMAIL PROTECTED]> wrote: > Thats fine and dandy when you only have one box to upgrade. I think > the original question is valid. .84 lasted what? Week and a half, > maybe two. And yes I am a contributor. I package it in an RPM and use up2date (or preferred rpm handler) to update it on all of my machines.. Granted, I only have a handful, but having to compile it only once is nice.. :) > Phil -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.85 and RAR 3
On 5/12/05, Tomasz Kojm <[EMAIL PROTECTED]> wrote: > "the RAR code has been completely re-written" > > and now Trog holds all licensing restrictions :-) Gotcha.. :) I thought it was more of a "the creator of rar 3 wasn't allowing anyone to create unrar programs without paying him tons of cash" type thing.. :) I'm headed back to my dark corner to patiently await 0.90 ... *grin* > -- >oo. Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg > \..._ 0DCA5A08407D5288279DB43454822DC8985A444B >//\ /\ Thu May 12 22:35:22 CEST 2005 -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.85 & 0.81.1 tha same troubles with milter
On 5/17/05, Dennis Peterson <[EMAIL PROTECTED]> wrote: > You said it shouldn't log to / and there's no reason it shouldn't if that > is where one wishes it to log. There's lots of reasons why that would be a > bad idea, but it's an admin decision, not an application issue. It sounds like clam is creating the log files *before* the root startup process hands over control to the user defined in the config files. In 0.84 and prior, it sounds like there was something that handed off an open filehandle to the defined user, but that filehandle was opened by root... I'm not sure if that's possible or not, so please correct me if I'm wrong.. :) It seems that the current behaviour is more correct, but still not completely correct.. I would expect that when clamav starts, all control should be handed to the defined user immediately and then files should be created, opened, etc... It's possible that the current problems are mostly due to pre-existing logfiles that are already owned by root, as opposed to new installations. To be honest, I haven't tried a new install to see if the files are still created with "improper" permissions. > dp ... did I mention I'm anal? Isn't anal a required attribute for those who are security conscious? ;) -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd lockup ?
Hi all, The clamd process on one of my mail servers appears to have locked up earlier today. I was unable to restart or kill the process. In fact, I had to do a hard reset to fix the problem. So, Im wondering what steps I can take next time to a) determine why clamd has locked up, b) gather sufficient debugging information for the clamav team, and c) kill and restart the process without the hard reboot. Can anyone give me some pointers? I understand that there's not a lot of information here. I'm looking for what to do next time, assuming there is a next time.. :) Thanks! -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd lockup ?
On 5/27/05, Samuel Benzaquen <[EMAIL PROTECTED]> wrote: > If the process is trying some I/O to some not-available, hard-mounted NFS > filesystem, then the process will not die with 'kill -9'. > > Just a thought. I use NFS to mount the user mail directories, but clam should never touch that. The mail comes in, simscan places it into /var/qmail/simscan and then clamdscan is run on that to detect virii. Once completed, control passes back to simscan... Hrm I'm going to consider it an anomoly unless it happens again. Thanks for the tips! > -Samuel -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] update with rpm
On 7/27/05, Salvatore Basso <[EMAIL PROTECTED]> wrote: > ..now I have already installed clamav 0.86.1, therefore I must however to > install a clamav version 0.86.1 with source package 0.86.1 ?? > still thanks. I can put my RPMs up on the web if anyone's interested.. > Salvatore. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] update with rpm
On 7/27/05, Salvatore Basso <[EMAIL PROTECTED]> wrote: > .. I think this is a good idea !! :-) Ok, they're up there.. http://www.godshell.com/toaster Click on the toaster link and they're in the clamav section. > Salvatore. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav for Redhat Enterprise 3
On 11/8/05, David Shows <[EMAIL PROTECTED]> wrote: > > What is the correct ClamAV rpm for Redhat Linux Enterprise 3, and where > can I find it? You can find a version here : http://www.godshell.com/toaster/toaster-0.1.html > Thanks, > > David Shows > MegaGate Broadband -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Somebody know where find rpm packages clamav 0.87.1 for Redhat 9 / Redhat 7.3
On 11/16/05, Giorgio Biondi <[EMAIL PROTECTED]> wrote: > Hi, > > I have look on DAG rpm database, but the last version 0.87-1 > > Someone have this packages, or know where get it? Check here : http://www.godshell.com/toaster I have both a pre-bult RPM there which works on RH9, or you can download the SRPM and just rebuild it. :) > All the best. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 0.90 crashing?
Hi all, I could use some debug tips. I have clamav installed on CentOS 4.0 along side qmail, spamassassin, simscan and some other software. I've been running 0.88.7 since it's release with no problems. In fact, I've been running Clamav since pre 0.80 without any issues. I've compiled clamav with the same parameters as before, but adding in the experimental flag. I ran all three RC releases with no problems whatsoever, but the final release seems to be crashing. There are no messages in the log as to why this is occuring, and I've been able to find no correlation between the three machines it's running on. It runs for a while and then all of a sudden it stops for no apparent reason. Any tips on debugging this would be quite welcome. For the moment, I've resorted to re-installing 0.88.7 on the two machines that are mission critial. Thanks, -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On 2/15/07, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
At least some basic information, eg. how you compiled ClamAV, did you use
--enable-experimental, platform details, etc.
I have the same problem on my systems. Or, rather, I have the dying
problem. It could be load related, but I'm not sure. 0.88.7 ran with
no problems as did all three RC releases.
Centos 4 (All of the latest updates)
clamd is run at startup, clamdscan is called from simscan for scanning
Platforms vary a little. One machine is a 2.4 Ghz Intel Celeron, the
other two are 2.4 Ghz Intel Xeons. Each machine has a gig of RAM.
I have an SRPM I use to build clam. The build section is as follows :
%build
%configure \
%if %{!?_without_experimental:1}%{?_without_experimental:0}
--enable-experimental \
%endif
--program-prefix=%{?_program_prefix} \
%{!?_without_milter:--enable-milter} \
--disable-clamav \
--enable-id-check \
--with-tcpwrappers \
--with-user=clamav \
--with-group=clamav \
--disable-zlib-vcheck \
--with-dbdir=%{_localstatedir}/lib/clamav
%{__make}
I don't use milter, so I don't bother compiling with it.
Uhhh.. Not sure what else to add. Like Bill mentioned, there are no
error messages in either the clamd or freshclam log files, nor are
there any errors in the standard syslog files.
Suggestions?
oo. Tomasz Kojm <[EMAIL PROTECTED]>
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.90 crashing?
On 2/15/07, Török Edvin <[EMAIL PROTECTED]> wrote: Follow the instructions here http://www.clamav.net/bugs/ on how to get a backtrace of clamd. You need to start clamd, then attach gdb to the running process, and wait for it to crash. Then open a bugreport, and attach all the info. Excellent, thanks for the info. I'll give this a shot and see what happens. Edwin -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
